04-23-2021 , 03:26 AM
Quote: Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan (RAT) dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account.
The ToxicEye malware can take over file systems, install ransomware and leak data from victims’ PCs, according to researchers at Check Point Software Technologies.
Check Point said it tracked more than 130 cyberattacks in the last three months that leveraged ToxicEye, which was being managed by threat actors over Telegram. Attackers use the messaging service to communicate with their own server and exfiltrate data to it, according to a report published online Thursday.
Hackers likely have targeted Telegram, which has more than 500 million active users across the world, as their distribution platform because of its widespread use and popularity, said Idan Sharabi, research and development manager at Check Point.
“We believe attackers are leveraging the fact that Telegram is used and allowed in almost all organizations, utilizing this system to perform cyber attacks, which can bypass security restrictions,” he said in an e-mailed statement.
Read more: Telegram Platform Abused in 'ToxicEye' Malware Campaigns